80 Indicted for Scams, Including Business Email Compromises

Eighty suspects, most of them Nigerian nationals, have been indicted on charges of running global business email compromise and romance scams that led to millions of dollars in fraud and allegedly involved a complex money-laundering operation, according to the U.S. Department of Justice.

So far, the FBI has arrested 14 of the suspects, including 11 who were either living or working in the Los Angeles area. Others charged in the indictment remain at large, possibly living overseas, according to federal prosecutors.

The FBI issued some of the first search warrants related to this case in 2017, authorities say.

Law enforcement officials allege that two of those arrested, Valentine Iro, 31, and Chukwudi Christogunus Igbokwe, 38, who are both Nigerian citizens, helped coordinate banking and other money services for the scammer group. Once money was stolen from the victims, it was sent to Iro and Igbokwe in the U.S., who would then launder it, prosecutors allege.

Iro and Igbokwe, who are in federal custody, were involved in the laundering of at least $6 million, according to the indictment. Prosecutors believe that this group of scammers may have taken an additional $40 million from victims around the world that included businesses, law firms as well as individuals.

Each of the 80 suspects indicted Thursday faces charges of conspiracy to commit fraud, conspiracy to launder money and aggravated identity theft. Several of the defendants named in the indictment face additional charges of fraud and money laundering.

BEC: A Growing Concern

This is the second large-scale business email compromise scam that has come to light in the last several weeks.

Earlier this month, FBI agents arrested a Nigerian businessman for allegedly helping to carry out an $11 million business email compromise scheme that targeted a U.K. affiliate of U.S. heavy equipment manufacturer Caterpillar (see: FBI Arrests Nigerian Suspect in $11 Million BEC Scheme).

Justice Department indictment of 80 individuals

Over the last year, law enforcement has been warning companies and individuals about business email compromise schemes, which are also called CEO fraud.

These schemes often start with attackers stealing the email credentials of a top executive through phishing or other methods. Then they impersonate that executive, sending urgent messages to lower-level employees to transfer or wire money to bank accounts. In other cases, the attackers spoof a company's business partner.

Chris Dawson, the threat intelligence lead at security firm Proofpoint, tells Information Security Media Group that even through law enforcement and businesses have woken up to the dangers of BEC scams, they are becoming much more prevalent.

"Unfortunately, given the overall success rate and low cost of executing email fraud attacks, it is likely that organizations are only seeing the tip of the iceberg in terms of both direct and indirect damages resulting from these types of attacks, which continue to scale and evolve," Dawson says. "These indictments also underscore the truly global nature of cybercrime - the only thing these criminals needed to initially reach their intended victims was an internet connection."

Thursday's indictment alleges that the scammers either hacked directly into the email systems of businesses or individuals they were targeting or attempted to intercept the emails and communications of a third party involved with the victims.

Vast Money Laundering

The court documents describe in great detail how the suspects allegedly moved money from one country to another to cover their tracks.

The indictment outlines how money allegedly was moved around banks in the U.S., Europe and parts of Africa and Asia. Some transactions were for as little as $10,000, with other transactions totaling $500,000 or more, the indictment states.

Iro and Igbokwe helped coordinate the transfer of victims' money from fraudulent bank accounts that they controlled to various U.S. bank accounts belonging to them and finally to illicit money exchangers, who would help launder the funds, prosecutors allege.

In several of the business email compromise schemes, Iro, Igbokwe and other fraudsters would use "money mules" to create fake accounts where money from businesses would be transferred, prosecutors allege. In other cases, these scammers allegedly created fake businesses that mirrored the names of legitimate businesses to make the transactions seem more real, authorities say.

About the Author

Ferguson is the managing editor for the news desk at Information Security Media Group. He's been covering the IT industry for more than 13 years. Before joining ISMG, Ferguson was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;